
TEMPEST AND ECHELON

10081A1210
SHADAN COLLEGE OF ENG & TECH

ABSTRACT

TEMPEST is a codename referring to investigations conducted and studies of emission (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment. TEMPEST is a code word that relates to specific standards used to reduce electromagnetic emanations. In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor emanations) or TEMPEST attacks (using an emanation monitor to eavesdrop on someone). While not quite to government naming specs, the concept is still the same.

Echelon is the technology for sniffing through the messages sent over a network or any transmission medium, even wireless messages. Tempest is the technology for intercepting electromagnetic waves over the air. It simply sniffs through the electromagnetic waves propagated from any device, even from the monitor of a computer screen. Tempest can capture, through walls, the signals of computer screens and the keystrokes of a keyboard even if the computer is not connected to a network. Thus the traditional way of hacking has little advantage in spying.

CHAPTER 1 INTRODUCTION

The notion of spying is a very sensitive topic after the September 11 attack of terrorists in New York. In the novel 1984, George Orwell foretold a future where individuals had no expectation of privacy because the state monopolized the technology of spying. Now the National Security Agency of the USA has developed a secret project, named Echelon, to spy on people by tracing their messages, using technology-enabled interception to find terrorist activities across the globe, leaving the technology ahead of any traditional method of interception. The secret project developed by the NSA (National Security Agency of USA) and its allies is tracing every single transmission, even a single of keyboard. The allies of the USA in this project are UK, Australia, New Zealand and Canada. Echelon is developed with the highest computing power of computers connected through satellites all over the world. In this project the NSA left the wonderful method of Tempest and Carnivores behind.

Echelon is the technology for sniffing through the messages sent over a network or any transmission medium, even wireless messages. Tempest is the technology for intercepting electromagnetic waves over the air. It simply sniffs through the electromagnetic waves propagated from any device, even from the monitor of a computer screen. Tempest can capture, through walls, the signals of computer screens and the keystrokes of a keyboard even if the computer is not connected to a network. Thus the traditional way of hacking has little advantage in spying.

For the common people it is hard to believe that their monitor can be reproduced from anywhere within a one kilometer range without any transmission medium in between the equipment and their computer. So we have to believe that the technology enables us to reproduce anything from the monitor of a computer to the hard disks, including the memory (RAM), of a distant computer without any physical or visual contact. It is done with the electromagnetic waves propagated from that device.

The main theory behind Tempest (Transient Electromagnetic Pulse Emanation Standard) is that any electronic or electrical device emits electromagnetic radiations of specific key when it is operated. For example, the picture tube of a computer monitor emits radiations when it is scanned up on vertical of horizontal range beyond the screen. It will not cause any harm to a human and it is very small, but it has a specific frequency range. You can reproduce those electromagnetic waves by tracing them with powerful equipment and powerful filtering methods to correct the errors during transmission from the equipment. Actually these electromagnetic waves are not necessary for a human being, because they are not coming from a transmitter, but we have a receiver to trace the waves.

For the project named Echelon the NSA is using supercomputers for sniffing through the packets and any messages sent as electromagnetic waves. They are using the advantage of distributed computing for this. Firstly they intercept the messages by the technology named Tempest and also with Carnivore. Every packet is sniffed for spying for the USA's NSA for security reasons.

Interception of communications is a method of spying commonly employed by intelligence services. An intelligence agency makes use of spies for the secret services of the government to provide for the security of the government and the people. So they can use any methods to ensure the security of people, including spying; it is not guilt. It depends on the target we are aiming at. To capture the terrorists before they can do any harm to people, we must keep the technology ahead. We engineers are behind that project of the NSA, and so we have to be aware of that technology to enable our India also in this field, because it is used mainly by the security agencies and spies all over the world even though there is a lack of equipment for this purpose. Equipment for Tempest spying is available in the USA and is prohibited from being exported from there. Some smuggled equipment may be here. But we have to develop the systems for our military and intelligence agencies for ensuring the best security for our people.

CHAPTER 2 TEMPEST AND ECHELON

Interception of communications is a method of spying commonly employed by intelligence services, whereas there can now be no doubt that the purpose of the system is to intercept, at the very least, private and commercial communications, and not military communications, although the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some sections of the media had assumed.

2.1 The Need for an Interception System:

Interception of messages is the major work of the intelligence agencies all over the world, to keep track of spies and terrorists and so preserve the security of the country from the leaking of sensitive documents and from terrorist attacks. By the work of the intelligence agencies the government ensures the security of the state. For that we have to equip our intelligence agencies with modern technologies like the USA. For that we must set up an interception system. While developing this we have to consider the privacy of common America. The regular discovery of domestic surveillance targeted at American civilians for reasons of unpopular political affiliation or for no probable cause at all in violation of the First, Fourth and Fifth Amendments of the Constitution of America are consistently impeded by very elaborate and complex legal arguments and privilege claims by the intelligence agencies and the US government. The guardians and caretakers of their liberties, their duly elected political representatives, give scarce attention to these activities, let alone the abuses that occur under their watch.

The other ECHELON targets are political spying and industrial espionage. The existence and expansion of ECHELON is a foreboding omen regarding the future of our Constitutional liberties. If a government agency can willingly violate the most basic components of the Bill of Rights without so much as Congressional oversight and approval, we have reverted from a republican form of government to tyranny.

While considering political spying we have to consider many legal issues. It consists of spying on the other parties and the messages sent by them. Since the close of World War II, the US intelligence agencies have developed a consistent record of trampling the rights and liberties of the American people. Even after the investigations into the domestic and political surveillance activities of the agencies that followed in the wake of the Watergate fiasco, the NSA continues to target the political activity of unpopular political groups and our duly elected representatives.

While considering industrial espionage we have to redefine the notion of National Security to include economic, commercial and corporate concerns. Many of the major companies helped the NSA to develop the ECHELON system to tackle the mammoth task of setting up the largest computing power throughout the world.

ECHELON is actually a vast network of electronic spy stations located around the world and maintained by five countries: the US, England, Canada, Australia, and New Zealand. These countries, bound together in a still-secret agreement called UKUSA, spy on each other's citizens by intercepting and gathering electronic signals of almost every telephone call, fax transmission and email message transmitted around the world daily. These signals are fed through the massive supercomputers of the NSA to look for certain keywords called the ECHELON dictionaries.

For the above reasons our country India must be enabled to cope with the new interception system. For that we engineers must do the work, otherwise our country will also become vulnerable to attacks from other states. For that reason I am presenting this seminar.

CHAPTER 3 INSIDE TEMPEST

TEMPEST is a short name referring to investigations and studies of compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the national security information transmitted, received, handled or otherwise processed by any information-processing equipment. Compromising emanations consist of electrical or acoustical energy unintentionally emitted by any of a great number of sources within equipment/systems which process national security information. This energy may relate to the original message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise. "Compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic and/or electric field radiation, line conduction (signal and power), or acoustic emissions. More specifically, the emanations occur as:

1. Electromagnetic fields set free by elements of the plaintext processing equipment or its associated conductors.
2. Text-related signals coupled to cipher, power, signal, control or other BLACK lines through (a) common circuit elements such as grounds and power supplies or (b) inductive and capacitive coupling.
3. Propagation of sound waves from mechanical or electromechanical devices.
4. The TEMPEST problem is not one which is confined to cryptographic devices; it is a system problem and is of concern for all equipment which processes plaintext national security data.

3.1 Sources of TEMPEST Signals:

In practice, the more common types of compromising emanations (CE) are attenuated RED (a term applied to wire lines, components, equipment, and systems which handle national security signals, and to areas in which national security signals occur) base band signals, spurious carriers modulated by RED base band signals, and impulsive emanations.

1) Functional Sources - Functional sources are those designed for the specific purpose of generating electromagnetic energy. Examples are switching transistors, oscillators, signal generators, synchronizers, line drivers, and line relays.
2) Incidental Sources - Incidental sources are those which are not designed for the specific purpose of generating electromagnetic energy. Examples are electromechanical switches and brush-type motors.

3.2 Types of TEMPEST Signals:

In practice, the more common types of CE (compromising emanations) are attenuated RED base band signals, spurious carriers modulated by RED base band signals, and impulsive emanations.

RED Base band Signals - The most easily recognized CE is the RED baseband signal in attenuated but otherwise unaltered form, since it is essentially identical to the RED base band signal itself. This emanation can be introduced into electrical conductors connected to circuits (within an EUT) which have an impedance or a power source in common with circuits processing RED baseband signals. It can be introduced into an escape medium by capacitive or inductive coupling, and especially by radiation with RED baseband signals of higher frequencies or data rates.

Modulated Spurious Carriers - This type of CE is generated as the modulation of a carrier by RED data. The carrier may be a parasitic oscillation generated in the equipment, i.e., the chopper frequency of a power supply, etc. The carrier is usually amplitude or angle-modulated by the basic RED data signal, or a signal related to the basic RED data signal, which is then radiated into space or coupled into EUT external conductors. See Figure below for time and frequency domain representations.

Impulsive Emanations - Impulsive emanations are quite common in Equipment under Test processing digital signals, and are caused by very fast mark-to-space and space-to-mark transitions of digital signals. Impulsive emanations can be radiated into space or coupled into Equipment under Test external conductors. See Figure 2 below for the time and frequency domain representations.

Other Types of Emanations - Most CE resembles one of the types mentioned thus far. There are, however, other possible types of CE which are caused by various linear and nonlinear operations occurring in information-processing equipment and systems. Such CE cannot easily be categorized. In practice, these emanations often exhibit features which can frequently be related to one of the three types discussed.

3.3 Propagation of TEMPEST Signals:

There are four basic means by which compromising emanations may be propagated:

1) Electromagnetic Radiation
2) Line Conduction
3) Fortuitous Conduction
4) Acoustics

3.4 Technology behind the TEMPEST:

TEMPEST uses the electromagnetic waves propagated from electronic devices intentionally or unintentionally. For receiving the texts or data at the other end we have to tune to a specific frequency range and just listen to or replicate the data at the other end. Tempest is the technology which can reproduce what you are seeing on your monitor and what you are typing on your keyboard from a couple of kilometres away. It traces all electromagnetic radiation from the victim's monitor, keyboard, even PC memory and hard disk, and then it reproduces the signals. By using this technology it is possible to intrude (only listening) into a person's computer from a couple of kilometres away, even if it is a computer which is not networked, and it enables the intruder to hack without any connection to the victim's computer.

There are techniques that enable the software on a computer to control the electromagnetic radiation it transmits. This can be used for both attack and defence. To attack a system, malicious code can encode stolen information in the machine's RF emissions and optimize them for some combination of reception range, receiver cost and covertness. To defend a system, a trusted screen driver can display sensitive information using fonts which minimize the energy of these emissions.

When snooping in to a VDU, similar periodic averaging and cross-correlation techniques can be used if the signal is periodic or if its structure is understood. Video display units output their frame buffer content periodically to a monitor and are therefore a target, especially where the video signal is amplified to several hundred volts. Knowledge of the fonts used with video displays and printers allows maximum likelihood character recognition techniques to give a better signal/noise ratio for whole characters than is possible for individual pixels.

Similar techniques can be applied when snooping on CPUs that execute known algorithms. Even if signals caused by single instructions are lost in the noise, correlation techniques can be used to spot the execution of a known pattern of instructions. Bovenlander reports identifying when a smartcard performs a DES encryption by monitoring its power consumption for a pattern repeated sixteen times. Several attacks become possible if one can detect in the power consumption that the smartcard processor is about to write into EEPROM. For example, one can try a PIN, deduce that it was incorrect from the power consumption, and issue a reset before the non-volatile PIN retry counter is updated. In this way, the PIN retry limit may be defeated.

Smulders showed that even shielded RS-232 cables can often be eavesdropped at a distance. Connection cables form resonant circuits consisting of the induction of the cable and the capacitance between the device and ground; these are excited by the high-frequency components in the edges of the data signal, and the resulting short HF oscillations emit electromagnetic waves. It has also been suggested that an eavesdropper standing near an automatic teller machine equipped with fairly simple radio equipment could pick up both magnetic stripe and PIN data, because card readers and keypads are typically connected to the CPU using serial links.

A related risk is cross-talk between cables that run in parallel. For instance, the reconstruction of network data from telephone lines has been demonstrated where the phone cable ran parallel to the network cable for only two metres. Amateur radio operators in the neighbourhood of a 10BASE-T network are well aware of the radio interference that twisted-pair Ethernet traffic causes in the short-wave bands. Laptop owners frequently hear radio interference on nearby FM radio receivers, especially during operations such as window scrolling that cause bursts of system bus activity. A virus could use this effect to broadcast data.

Compromising emanations are not only caused directly by signal lines acting as parasitic antennas. Power and ground connections can also leak high-frequency information. Data line drivers can cause low-frequency variations in the power supply voltage, which in turn cause frequency shifts in the clock; the data signal is thus frequency modulated in the emitted RFI.

Yet another risk comes from `active' attacks, in which parasitic modulators and data-dependent resonators affect externally applied electromagnetic radiation: an attacker who knows the resonant frequency of (say) a PC's keyboard cable can irradiate it with this frequency and then detect key-press codes in the retransmitted signal thanks to the impedance changes they cause. In general, transistors are non-linear and may modulate any signals that are picked up and retransmitted by a line to which they are connected. This effect is well known in the counterintelligence community, where `nonlinear junction detectors' are used to locate radio microphones and other unauthorised equipment.

Short wave attacks: If one wants to spy on a computer, then an important design criterion is the cost of the receiver. While intelligence services may already possess phased array antennas and software radios, such equipment is not yet generally available. The graduate student's Tempest spying kit is more likely to be just a radio receiver connected to an audio cassette recorder. In order to get a computer VDU to produce audible tones on our radio, we have to design a screen image that causes the VDU beam current to approximate a broadcast AM radio signal. If this latter has a carrier frequency fc and an audio tone with a frequency ft, then it can be represented as

The timing of a digital video display system is first of all characterised by the pixel clock frequency fp, which is the reciprocal of the time in which the electron beam in the CRT travels from the centre of one pixel to the centre of its right neighbour. The pixel clock is an integer multiple of both the horizontal and vertical deflection frequencies, that is the rate fh = fp/xt with which lines are drawn and the rate fv = fh/yt with which complete frames are built on the screen. Here, xt and yt are the total width and height of the pixel field that we would get if the electron beam needed no time to jump back to the start of the line or frame. However, the displayed image on the screen is only xd pixels wide and yd pixels high, as the time allocated to the remaining xt·yt - xd·yd virtual pixels is used to bring the electron beam back to the other side of the screen.

Attack software can read these parameters directly from the video controller chip, or find them in configuration files. For instance, on one Linux workstation, a line of the form

ModeLine "1152x900" 95 1152 1152 1192 1472 900 900 931 939

in the X Window System server configuration file /usr/lib/X11/XF86Config indicates that the parameters fp = 95 MHz, xd = 1152, yd = 900, xt = 1472 and yt = 939 are used on this system, which leads to deflection frequencies of fh = 64.5 kHz and fv = 68.7 Hz.

If we define t = 0 to be the time when the beam is in the centre of the upper left corner pixel (x = 0, y = 0), then the electron beam will be in the centre of the pixel (x,y) at time. For all 0 ≤ x < xd, 0 ≤ y < yd and n ∈ ℕ. Using the above formula with the frame counter n = 0, we can now calculate a time t for every pixel (x,y) and set this pixel to an 8-bit greyscale value of [255/2 + S(t) + R] with amplitudes A = 255/4 and m = 1, where R, between 0 and 1, is a uniformly distributed random number that spreads the quantization noise (dithering) for screen contents generated this way to broadcast an AM tone.
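The ModeLine arithmetic described above, worked through as an added example that is not part of the original report: it parses the ModeLine quoted in the text and derives fh, fv and the number of virtual pixels spent on beam retrace. The names `parse_modeline`, `VideoTiming` and `pixel_time` are this example's own, and the expression in `pixel_time` is derived here from the stated definitions of fp, fh and fv.

```python
import re
from dataclasses import dataclass

# XFree86 layout: ModeLine "<name>" <clock MHz>
#   <hdisp> <hsyncstart> <hsyncend> <htotal>  <vdisp> <vsyncstart> <vsyncend> <vtotal> [flags]
_MODELINE = re.compile(r'^\s*ModeLine\s+"([^"]+)"\s+(.+)$', re.IGNORECASE)


@dataclass(frozen=True)
class VideoTiming:
    name: str
    fp: float  # pixel clock in Hz
    xd: int    # displayed width in pixels
    xt: int    # total width including horizontal retrace
    yd: int    # displayed height in lines
    yt: int    # total height including vertical retrace

    @property
    def fh(self) -> float:
        """Horizontal deflection frequency fh = fp / xt (lines per second)."""
        return self.fp / self.xt

    @property
    def fv(self) -> float:
        """Vertical deflection frequency fv = fh / yt (frames per second)."""
        return self.fh / self.yt

    @property
    def virtual_pixels(self) -> int:
        """Pixel periods per frame that are never displayed: xt*yt - xd*yd."""
        return self.xt * self.yt - self.xd * self.yd

    def pixel_time(self, x: int, y: int, n: int = 0) -> float:
        """Seconds after t = 0 at which the beam is centred on pixel (x, y) of frame n.

        Derived in this example from the definitions: one pixel takes 1/fp,
        one full line 1/fh and one full frame 1/fv.
        """
        if not (0 <= x < self.xd and 0 <= y < self.yd and n >= 0):
            raise ValueError("pixel or frame index outside the displayed field")
        return x / self.fp + y / self.fh + n / self.fv


def parse_modeline(line: str) -> VideoTiming:
    """Parse one ModeLine entry and reject timings that are not monotonic."""
    m = _MODELINE.match(line)
    if not m:
        raise ValueError("not a ModeLine entry")
    fields = m.group(2).split()
    if len(fields) < 9:
        raise ValueError("ModeLine needs a clock and eight timing values")
    clock_mhz = float(fields[0])
    horiz = [int(v) for v in fields[1:5]]
    vert = [int(v) for v in fields[5:9]]
    if clock_mhz <= 0:
        raise ValueError("pixel clock must be positive")
    for axis, (disp, start, end, total) in (("horizontal", horiz), ("vertical", vert)):
        if not 0 < disp <= start <= end <= total:
            raise ValueError(f"{axis} timings must satisfy disp <= start <= end <= total")
    return VideoTiming(m.group(1), clock_mhz * 1e6, horiz[0], horiz[3], vert[0], vert[3])


# The ModeLine quoted in the text.
PAGE_MODELINE = 'ModeLine "1152x900" 95 1152 1152 1192 1472 900 900 931 939'

if __name__ == "__main__":
    t = parse_modeline(PAGE_MODELINE)
    print(f"{t.name}: fh = {t.fh / 1e3:.1f} kHz, fv = {t.fv:.1f} Hz, "
          f"virtual pixels per frame = {t.virtual_pixels}")
```

Roughly a quarter of each frame period (345408 of 1382208 pixel clocks) is retrace time in which nothing is displayed.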

CHAPTER 4 CONCLUSION AND FUTURE SCOPE

The interception of communication is the main function of the intelligence agencies all over the world. The intelligence agencies are searching for sophisticated methods for surveillance and spying on their own people and on their enemies. Here the scientists in the NSA developed modern techniques for the interception of messages, and they developed a network known as the Echelon System. It made them leap one step ahead of the hackers.

The main topics discussed here are Tempest and Echelon. Tempest is the technology for spying on electronic equipment without any physical contact. It is the most wonderful technology which people have ever experienced. It enables us to replicate the data on electronic equipment from a couple of kilometres away. We can replicate the computer monitor and hard disk (or even memory) of a computer system this way. Echelon is the vast network formed by the NSA and its allies all over the world to intercept the messages sent through any transmission medium. It plays a major role in the intelligence-related work of the NSA and its allies. It uses the largest computing power of distributed systems. It uses search algorithms and sophisticated software like speech recognition and OCR software.

Even though we discussed the advantages of Echelon and Tempest, there are some major disadvantages of these systems. These systems are GOD-LIKE and nothing can be hidden from the Echelon system. But the Echelon system will not provide any secrecy for the common people. It will only preserve the state's policies. This will cause the leaking of the sensitive data of industries and it will cause harm to those companies. And again, Tempest equipment is available in the USA and is prohibited from being exported from there, and thus if some terrorists got this Tempest equipment then it would cause harm to our industries and society. But many corporate firms are protecting their companies from Tempest attacks by the use of software and equipment to prevent them.

Discussing the future scope of Tempest and Echelon, we can say that these can be used to empower our intelligence agencies to do their job better than before. Unfortunately our India does not have Tempest equipment developed yet. But we have to take care of the foreign intelligence agencies stealing our military data and diplomatic data. We have to take countermeasures to protect our secret data from them. And we are not a part of the Echelon network developed by the NSA, so we have to develop one such network for empowering our intelligence agencies and military agencies.
